Nukpɔƒe gbadzaa
Shadowserver Nukpɔƒe la ɖea statistik si nyo nyuie si ɖea nyatakakaha siwo Shadowserver xɔna eye wòmana la fiãna to eƒe gbe sia gbe nuwɔna me le nutsotso siwo wua 100 gbe sia gbe la me. Nyatakaka hatsotsoawo naa mɔ dzesidede teƒe siwo ŋu kpɔtsɔtsɔ le hena avuwɔwɔ, gbɔdzɔgbɔdzɔwo, ɖoɖo siwo mede o, katsiatsiawo ƒe zitɔƒewo hekpe ɖe avuwɔwɔwo ŋuti. IP ƒe ɖoƒe numeɖeɖe le ku ɖe katsiatsia alo nuto aɖe ŋu la le nyatakaka, si woma le nutsotso ƒe nɔnɔme me, me. Shadowserver Nukpɔƒe la meɖe mɔ na nuƒlatsa siawo tɔgbi o. Boŋ la, eɖea statistik siwo ɖea nuwɔna siawo ƒe nɔnɔme fiana la ɖe go. Esia wɔnɛ be woase ŋɔdzi, gbɔdzɔgbɔdzɔ, nudzɔdzɔ siwo le mo dom ɖa fifia gɔme henaa sidzedze le nu siwo le dzɔdzɔm la ŋuti le xexeame godoo, le esi me wòle ame siwo le dɔ wɔm le eŋuti la ƒe ŋkɔwo dem adza me.
Dzɔtsoƒewo kple dzesidenuwo
Woɖo nyatakaka ɖeɖe ɖe go ku ɖe sources and tags nu. Dzɔtsoƒe nye nyatakaka hatsotso aɖe le nɔnɔme aɖe me. Dzɔtsoƒe gbãtɔwoe nye honeypot
, population
, scan
, sinkhole
. Agbɔsɔsɔ kple ŋkutsatsa nye nyatakakaha siwo do tso ŋkutsatsa me eye agbɔsɔsɔ nye nuwuƒe si woɖe ɖe go xexlẽ si ŋuti gbɔdzɔgbɔdzɔ/dedienɔnɔ nyametsotso aɖeke mele o. Nyanu nya si nye 6
le IPv6 nyatakaka teƒe (nuŋɔŋlɔ siwo nu nyanu nya siawo mele o la fia be wonye IPv4 ƒe nyatakaka).
Dzesidenuwo na numeɖeɖe geɖe ku ɖe nyatakaka si fiam wole ate ŋu akpe ɖe dzɔtsoƒewo ŋu. Le kpɔɖeŋu me, dzesidenuwo na scan
ate ŋu alɔ ŋkutsatsa ƒomevi vovovowo ɖe eme (esia nye kpekpeɖeŋudɔ/ɖoɖo siwo me wole ŋku tsam le abe telnet
, ftp
kple rdp
ene). Dzesidenuwo na sinkhole
aɖe malwɛr ƒome siwo tututu le ka dom kple ʋe globo (esia nye amedzroxɔla si me malwɛr ƒome aɖe geɖo abe adload
, andromeda
kple necurs
).
Dzesidenuwo naa nugɔmesese bubuwo ku ɖe nyatakaka si fiam wole ŋuti.
Kpeɖe eŋu la míega doa dzɔtsoƒe hatsotso bubuwo ɖa bena woaɖe nukpɔkpɔ ku ɖe amedzroxɔla siwo gbɔdzɔ alo siwo ŋu kpɔtsɔtsɔ le la ƒe nɔnɔme afia nyuie wu - le kpɔɖeŋu me, http_vulnerable
alo compromised_website
. Dzesidenu siwo ɖe CVE gbɔdzɔgbɔdzɔwo ƒe nɔnɔme, nudzralawo alo nudzadzra siwo esia ka, alo numeɖeɖe ku ɖe megbeʋɔwo ŋuti, webshellwo alo nuƒoɖeme siwo wokpɔ la fiã anɔ esiawo me. Kpɔɖeŋu na http_vulnerable
anye citrix
or cve-2023-3519
.
Mlɔeba le esime míele nu geɖe siwo míekpɔ la tsɔm kpekpe ɖe nyatkakahawo ŋu la, míava nɔ dzesidenu geɖewo hã ɖem ɖe go. Esia gɔmee nye bedzɔtsoƒe hatsotso yeyewo siwo me woawɔ tiatia le la ate ŋu ado. Le kpɔɖeŋu me, togbɔ be snmp
the dzesidenu le dzɔtsoƒe scan
me hã la, woga ɖea eya ke fiana abe dzɔtsoƒe ene. Esia ɖea mɔ na mi be miado snmp ŋkutsatsa metsonu siwo le ƒlatsa, siwo ɖea mɔ be woakpɔ snmp ŋkutsatsa siwo ka gbɔdzɔgbɔdzɔ ɖekaɖeka siwo wu la ɖa abe cve-2017-6736
ene la afia.
Katsiaƒemɔ kpuie siwo yi nyatakaka hatsotsowo gbɔ: Miame tsatsa ƒe kpe
Woxɔ nyatakakaha siwo woɖe fiã la to nu geɖe xɔxɔ mɔnu siwo dome ʋe globo zazã, ŋkutsatsa kple anyitsigo le. Woma nyatakaka hatsotso ƒomevi gbatɔ siawo ɖe miame tsatsa ƒe kpe la dzi, eye wotsɔ aikɔn si to vovo la de dzesi hatsotso ƒomevi ɖe sia ɖe.
Taɖodzi lae nye be woana mɔ be woate ŋu age ɖe source hatsotso aɖe me kaba. Le kpɔɖeŋu me:
-
Ʋe globo - na numeɖeɖe totoɖeme le nyatakakaha siwo wode hatsotso me kple dzɔtsoƒe
sinkhole
ŋuti. Ekama ate ŋu akpɔ ʋe globo ɖeka aɖe ƒe metsonu to dzesidenu alo dzesidenu hatsotso aɖe tiatia me. -
Ŋkutsatsa - na numeɖeɖe totoɖeme le nyatakakaha siwo wode hatsotso me kple dzɔtsoƒe
scan
ŋuti (ŋkutsatsa metsonuwo na kpekpeɖeŋudɔ siwo ŋu dedienɔnɔ nya aɖe ku ɖo la le hatsotso sia me, ate ŋu akpɔ agbɔsɔsɔ metsonuwo to dzɔtsofepopulation
tiatia me boŋ). Ekama ate ŋu akpɔ ŋkutsatsa ɖeka aɖe ƒe metsonu to dzesidenu alo dzesidenu hatsotso aɖe tiatia me. -
Anyitsigowo - na numeɖeɖe totoɖeme le nyatakakaha siwo wode hatsotso me kple dzɔtsoƒe
honeypot
ŋuti. Ekama ate ŋu akpɔ ʋe anyitsigo ɖeka aɖe ƒe metsonu to dzesidenu alo dzesidenu hatsotso aɖe tiatia me. -
DDoS - na numeɖeɖe totoɖeme le nyatakakaha siwo wode hatsotso me kple dzɔtsoƒe
honeypot_ddos_amp
ŋuti. Esiawo nye DDoS avuwɔwɔwo kekeɖedzi siwo wokpɔ tso teƒekpɔkpɔ tɔxɛ le dukɔ/nuto aɖe me. Ekama ate ŋu akpɔ kekeɖedzi mɔnu ɖeka aɖe si wozã to dzesidenu alo dzesidenu hatsotso aɖe tiatia me. -
ICS - na numeɖeɖe totoɖeme le nyatakakaha siwo wode hatsotso me kple dzɔtsoƒe
ics
ŋuti (siwo nye ŋkutsatsa metsonu siwo tso Industrial Control System ɖoɖowo me). Ekama ate ŋu akpɔ dukɔ aɖe me ɖoɖowo to dzesidenu alo dzesidenu hatsotso aɖe tiatia me. -
Ɖɔ CVEs - na numeɖeɖe totoɖeme le nyatakakaha siwo wode hatsotso me kple dzɔtsoƒe
http_vulnerable
kpleexchange
. Esiawo nye ɖɔdzi app siwo wode dzesii le míaƒe ŋutsatsa me to CVE koŋ zazã me. Ekama ate ŋu akpɔ CVE alo nudzadzra siwo esia ka la to dzesidenu alo dzesidenu hatsotso aɖe tiatia me.
Woate ŋu akaka nyatakakahawo me ɖe dukɔwo alo dukɔhawo, nutomewo kple anyigbãwo nu.
Woɖɔ nyatakakaha ɖe sia ɖe le “Ku ɖe nyatakaka sia ŋu” me.
Taflatsɛ nyae be nyatakakaha geɖewo gali kpeɖe esiwo woɖe fia la ŋuti. Le kpɔɖeŋu me, dzɔtsoƒe beacon
aɖe mɔ na wò be nàtsa le C2wo ƒe nuzazãwɔwɔ megbe ƒe nuɖoɖi si míekpɔ le míaƒe ŋkutsatsawo, kple dzɔtsoƒe compromised_website
me aɖe mɔ na wò be nàtsa le ɖɔdzi nuwuƒe siwo ŋu kpɔtsɔtsɔ le siwo míekpɔ le miaƒe ŋkutsatsawo me.
Dzime tsatsa ƒe kpe
Dzime tsatsa ƒe kpe la ɖeamɔ na nukpɔkpɔwɔwɔ vovovo tiatiawo na nyatakaka ɖeɖefia, hekpeɖe dzesidede mɔ ƒe nukpɔkpɔwɔwɔ kple avuwɔwɔkpɔkpɔ nyatakakahawo ŋuti.
Statistik gbadzawo
Ŋutete be woakpɔ source kple tag le statistik gbadzaa me to tiatia wɔwɔ kple nu siwo gbɔna la me:
- Xexeame map - xexeame map ɖeɖe fia si ɖe sources kple tags si wotia fia la. Ŋutinu bubuwo dometɔ aɖewoe nye: ŋutete be woate ŋu aɖe dzesidenu siwo bɔ wu ke dukɔ me kple dzɔtsoƒe, ale si wova zu nu si woxɔ de me le agbɔsɔsɔ nu, GDP, katsiatsiazãlawo, kple bubuwo afia. Ate ŋu atia teƒefianuwo le map la dzi be nàtsɔ aɖe kpekpeme le dukɔ me afia.
- Nutome map - dukɔ ƒe map ɖeɖe fia si me woma dukɔwo me ɖe nutoviwo kple nuto gãwo me le.
- Sɔsɔminasɔewɔwɔ ƒe map - dukɔ eve ƒe sɔsɔminasɔewɔwɔ map
- Gameɖoɖowɔwɔwo - tsart aɖe si le source kple tag le ɣeyiɣi aɖe ɖem le fiafiam. Nyae be eɖea mɔ na nyatakaka hatsotso vovovowo (menye le dukɔ me ɖeɖe ko nu o).
- Nukpɔkpɔwɔwɔ - naa tiatiawcwɔ vovovo le gege ɖe nyatakakahawo me yiyi deto ŋuti, esiwo me kpekpeme mama sɔsɔewo le ɣeyiɣi aɖe me le. Ɖea mɔ na nyatakaka ɖeɖe fia le kplɔ̃wo, bar tsartwo, nya ƒe alilikpowo kple bubuwo ŋuti.
IoT mɔ ƒe statistik (dzesidede mɔ ƒe statistik)
Nyatakakaha sia kple nukpɔkpɔwɔwɔ siwo do ka kplii la naa gbe sia gbe fotoɖeɖe le nuwuƒe siwo woʋu goe la ŋu kple nudzrala siwo woʋu goe kpakple woƒe nudzadzra siwo wode dzesi to míaƒe ŋkutsatsawo me. Wona hatsotso nyatakaka la le nudzrala, nɔnɔme kple mɔ ƒomevi nu. Wode dzesi esiawo le vovovowo nu, siwo dome ɖɔdzi nuwo, SSL/TLS ɖasɛɖigbãlewo, baana siwo woɖe fia, kple bubuwo le. Agbɔsɔsɔ nyatakaka koe le nyatakakaha la me, si gɔmee nye womewɔ ŋugbledede aɖeke le gbɔdzɔgbɔdzɔ siwo ka nuwuƒe siwo woʋu goe la ŋuti o (be nàkpɔ esiawo la, tia dzɔtsoƒewo abe le kpɔɖeŋu me http_vulnerable
ene le Statistik gbadzaa te boŋ).
Nukpɔkpɔwɔwɔ ƒe tsart mawo ƒomevi abe ale si wòle “Statiskik gbadzaa” me ene la li, ke vovototo si le emee nye be le sources kple tags zazã teƒe la, àte ŋu akpɔe (eye nàdewo hatsotso me kple) vendors, models kple device types boŋ.
Avuwɔwɔ ƒe statistik: Gbɔdzɔgbɔdzɔwo
Nyatakakaha sia kple nukpɔkpɔwɔwɔ siwo do ka kplii la naa gbe sia gbe fotoɖeɖe le avuwɔwɔ siwo míaƒe anyitsigo nukpɔkpɔ katsiatsia kpɔ la ŋuti, eye nu si le veviẽ la nye gbɔgdzɔgbɔdzɔ siwo ŋudɔ wowɔ la. Esiawo dometɔ aɖewoe nye ŋutete be woakpɔ nudzadzra siwo ŋu wowɔa avu le edziedzi eye woale ŋku le ale si wowɔa avu le woŋu la ŋuti (esia nye gbɔdzɔgbɔdzɔ si wozã, si me CVE ɖeka aɖe si wole zazãm la le). Àte ŋu akpɔ tsartwo kple avuwɔwɔ la ƒe dzɔtsoƒe kple deƒe hã.
Nukpɔkpɔwɔwɔ ƒe tsart mawo ƒomevi abe ale si wòle “Statiskik gbadzaa” me ene la li, ke vovototo si le emee nye be le sources kple tags zazã teƒe la, zazã teƒe la, àte ŋu akpɔe (eye nàdewo hatsotso me kple) vendor, vulnerability hekpe ɖe source and destination le avuwɔwɔwo teƒe boŋ.
Nukpɔkpɔ hatsotso bubu aɖe - Nuŋudzɔdzɔ, si hã wogatsɔ kpee:
Esia nye gbe sia gbe kplɔtata aɖe si me gbɔdzɔgbɔdzɔ bɔbɔ siwo wozãna siwo wode hatsotso me kple dzɔtsoƒe tɔxɛ IP siwo wokpɔ wole avu wɔm (alo avuwɔwɔ si wote kpɔ si wokpɔ, nenye be nètia katsiatsia tetetkpɔ ƒe statistik tiatia) le. Woɖe nyatakaka tso míƒe anyitsigo ŋkutsanuwo me ƒe katsiaƒe me. Wode nyatakaka hatsotso me kple gbɔdzɔgbɔdzɔ siwo wozã la. CISA Known Exploited Vulnerability mapwɔwɔ (si me nenye be wonyae be ransomwɛr hatsotso aɖe zãe kpɔ le) hekpe ɖe nenye be IoT mɔ aɖe ŋue wowɔ avu la ɖo le serva app teƒe la ha le esia me.
Ɖoɖo gbãtɔ si lie nye be woaɖe gbɔdzɔgbɔdzɔ bɔbɔwo siwo wozã le xexe blibo la katã me afia, gake àte ŋu atsrae kple dukɔ ɖeka alo hatsotso aɖe alo naɖe vovototo ƒe kplɔ̃tata aƒia le esia teƒe boŋ.
Avuwɔwɔ ƒe statistik: Mɔwo
Nyatakakaha sia kple nukpɔkpɔwɔwɔ siwo do ka kplii la naa gbe sia gbe fotoɖeɖe le avuwɔmɔ ƒomevi siwo míaƒe anyitsigo nukpɔkpɔ katsiatsia kpɔ la ŋuti. Míaƒe gbe sia gbe ŋkutsatsawo mee wowɔ asinuɖeɖe le mɔ siawo le. Nyatakakahawo ɖea mɔ be woanɔ afɔ ɖiam na avuwɔwɔ ƒomevi, mɔdzralawo alo nɔnɔme ɖeka aɖe eye woate ŋu atsrae kple dukɔ.
Tsart mawo ƒomevi abe ale si wòle “Statiskik gbadzaa” me ene la li, ke vovototo si le emee nye be le sources kple tags zazã teƒe la, zazã teƒe la, àte ŋu akpɔ avuwɔwɔ (eye nàdewo hatsotso me kple) kple mɔ vendor alo model boŋ.
Nukpɔkpɔ hatsotso bubu aɖe - nuŋudzɔdzɔ, si hã wogatsɔ kpee:
Esia nye gbe sia gbe kplɔtata aɖe si me avuwɔmɔ bɔbɔ siwo ƒe dzɔtsoƒe tɔxɛ IP siwo wokpɔ wole avu wɔm (alo avuwɔwɔ si wote kpɔ si wokpɔ, nenye be nètia katsiatsia tetetkpɔ ƒe statistik tiatia) le. Woɖe nyatakaka tso míƒe anyitsigo ŋkutsanuwo me ƒe katsiaƒe me. Wodewo hatsotso me kple avuwɔwɔ ƒomevi si wokpɔ, nudzrala kple nɔnɔme (nenye be esia li). Míenyana avuwɔmɔ la to IP siwo wokpɔ la tsɔtsɔ sɔ kple míaƒe gbe sia gbe mɔ ŋkutsatsa ƒe asinuɖeɖe (kpɔ "IoT mɔ statistik” ƒe akpa dzi).
Ɖoɖo gbãtɔ si lie nye be woaɖe avuwɔmɔ bɔbɔwo (le dzɔtsoƒewo nu) siwo wokpɔ wole avu wɔm (esiwo me míate ŋu ade dzesi mɔ aɖeke o alo le kpɔɖeŋu me, míede dze nudzrala aɖe ko la le esia me) afia. Àte ŋu atsrae kple dukɔ ɖeka alo hatsotso aɖe alo naɖe vovototo ƒe kplɔ̃tata aƒia le esia teƒe boŋ.